Transcript Slides

SFS Workshop 2012
May 21, 2012
SFS Summer Workshop at
UT Chattanooga
1
Program Goals
• Build capacity in IA education through faculty
summer workshops
– Increased faculty interest and participation in IA
education.
– Increased number of courses and institutions adopting
the hands-on exercises and case studies
• Develop student mastery of and interest in IA
topics
• Provide a platform of sharing and collaboration Is
2
Topics and Speakers
• Cryptography, Access Control, Cloud Computing,
Forensics, and Security Ethics by Li Yang, Joseph
Kizza and Kathy Winters from UT Chattanooga
• Security Management, Buffer-over-flow, Firewall
by Xiaohong (Dorothy) Yuan and Ken Williams
from North Carolina A&T State University
• Web Security and Network Security by Bill Chu
from University of North Carolina at Charlotte
• Virtualization and Security Hands-on Learning by
Vincent Nestler
3
Cryptography Hands-on Learning
• CrypTool
• Programming
4
Overview of Security Services
Data confidentiality protects data from disclosure attack.
Data integrity protect data from modification, insertion, deletion, and replaying
attacks.
Authentication provides proof of sender, or receiver, or source of the data.
Nonrepudiation protects against repudiation by either the sender to the reveiver.
Access control provides protection again unauthorized access to data.
5
Cryptography
•
•
•
•
•
Symmetric Cryptography
Public Key Cryptography
Hash Function
Digital Signature
Key Management
6
Symmetric Key Ciphers
• Traditional Symmetric Key ciphers
– A substitution cipher replaces one symbol with
another.
– A transposition cipher reorders symbols.
• Modern Symmetric-key Ciphers
– Stream ciphers operate on the plaintext a single
bit (or sometimes byte) at a time
– Block ciphers operate on the plaintext in groups of
bits. The groups of bits are called blocks.
7
Playfair Encryption
Example: Lab on Playfair
encryption
• Let us generate keypad using keyword “CHATTANOOGA”
and encrypt the plaintext “Cryptography” using the keypad.
• CR  AP, YP  SV, TP  CD
• Good exercises for two-dimension arrays
8
DES
• DES was adopted as a US federal standard for
commercial encryption in 1975.
• The S-Boxes design provides confusion and diffusion
of bits from each round to the next.
• The P-Boxes provide diffusion of bits.
• DES uses sixteen rounds of Feistel ciphers. the cipher
text is thoroughly a random function of plaintext and
cipher text.
• Visualization “Indiv. Procedures\Visualization of
Algorithms\DES”
9
Weaknesses in DES
Critics have found some weaknesses in DES.
Weaknesses in Cipher Design
1. Weaknesses in S-boxes
• Two specifically chosen inputs to an S-box can create same output
2. Weaknesses in P-boxes
• initial and final permutations have no security benefits
• the first and fourth bits of every 4-bit series are repeated
3. Weaknesses in Key
• Weak keys create same 16 round keys
• Semi-weak keys create 2 different round keys
• Possible weak keys create 4 distinct round keys
• Key complement
10
Double encryption and decryption
with a weak key
E k ( E k ( P ))  P
Example: Lab on Weak DES keys
11
AES
• The Advanced Encryption Standard (AES) is a
symmetric-key block cipher published by the
National Institute of Standards and Technology
(NIST) in December 2001.
• AES has defined three versions, with 10, 12, and
14 rounds.
• Each version uses a different cipher key size (128,
192, or 256), but the round keys are always 128
bits.
• Visualization: “Indiv. Procedures\Visualization of
Algorithms\AES\Rijindael Animation”
12
Modes of operation
• How to encrypt large messages?
– Partition into n-bit blocks
– Choose mode of operation
• Modes of operation have been devised to
encipher text of any size employing either DES or
AES.
13
Evaluation criteria of modes
• Identical messages
– under which conditions cipher text of two identical
messages are the same
• Chaining dependencies
– how adjacent plaintext blocks affect encryption of a
plaintext block
• Error propagation
– resistance to channel noise
• Efficiency
– preprocessing
– parallelization: random access
• Example: Lab on modes of operation
14
Cryptanalysis
As cryptography is the science and art of
creating secret codes, cryptanalysis is the
science and art of breaking those codes.
15
Cipher text-Only Attack
Cipher text + algorithm  key and the plaintext
• Brute-Force attack: exhaustive key search attack
•Statistical attack: benefit from inherent characteristics of the plaintext language.
E.g. E is the most frequently used letter. Example: Lab on Frequency Analysis
•Pattern attack: discover pattern in cipher text.
•Example: Labs on binary addition and XOR encryption
16
Hash Function
• A cryptographic hash function takes a message of arbitrary
length and creates a message digest of fixed length. The goal
is to ensure integrity of message.
• Resistance to three attacks
– Preimage attack: find M’ such that that D=h(M’) given
D=h(M)
– Second Preimage Attack: find M’ such that h(M’)=D given D
and M
– Collision Attack: Find two messages M and M’ such that
H(M)=h(M’)
• Using multiple rounds of encryption or compression
17
Cryptographic APIs
Cryptlib
Crypto++
(http://www.cryptlib.com/)
(http://www.cryptopp.com/)
– C++ library
– easy to use
– open source
– free for
noncommercial use BSAFE
OpenSSL
(http://www.openssl.org)
– poorly documented
– open source
– popular
(http://www.rsa.com/node.aspx?id=1204)
–
–
–
–
well documented, Java, C/C++
most popular commercial library
Was commercial SDK from RSA
free from 2009 under RSA Share
Project
Cryptographic APIs
Cryptix: JCA, JCE
– open source Java library, C# library
– http://www.bouncycastle.org/java.html
Python Cryptographic Toolkit
– open source crypt, hash, rand modules
– http://www.amk.ca/python/code/crypto
Crypt:: CPAN modules for Perl
– well documented
– many different libraries
Supported Ciphers
1. Range of MAC algorithms
Almost all include MD5, SHA-1
2. Range of symmetric algorithms
Almost all include AES, DES
3. Range of public key algorithms
Almost all include RSA, Diffie-Hellman, DSA
Work on labs (1)
From 9:15am to 10:15am
• 1.1 Encryption using classical techniques -- Playfair
• 1.2 frequency analysis
• 2.1 Encryption using binary addition
• 2.2 Encryption using binary Exclusive-OR (XOR)
• 2.3 Triple DES with CBC mode and Weak DES keys
• 2.4 Testing different modes in symmetric ciphers
• 4.1 Hash generation and sensitivity of hash functions to
plaintext modifications
• 4.2 Hash function
21
Coffee Break
(10:15-10:45am)
22
Public key cryptography
• Public key cryptography uses two separate keys: one
private and one public.
Requirements:
1 need
.
.
+
KB ( ) and K B( ) such
- +
K (K (m)) = m
B B
that
+
2 given public key K , it should be
B
impossible to compute private
key KB
RSA: Rivest, Shamir, Adleman algorithm
23
RSA: Choosing keys
1. Choose two large prime numbers p, q.
(e.g., 1024 bits each)
2. Compute n = pq, z = (p-1)(q-1)
3. Choose e (with e<n) that has no common factors
with z. (e, z are “relatively prime”).
4. Choose d such that ed-1 is exactly divisible by z.
(in other words: ed mod z = 1 ).
5. Public key is (n,e). Private key is (n,d).
+
KB
-
KB
24
Attacks on RSA – Factorization Attack
 No devastating attacks on RSA have been yet discovered.
 Bob selects p and q and calculate n=p*q. n is public but p
and q are secret. If Eve can factor n and obtain p and q, she
can calculate private d from public e by
1
d  e mod(( p  1)( q  1))
 However, none of existing factorization algorithms can
factor a large integer with polynomial time complexity.
 To be secure, RSA presently requires that n should be
more than 300 decimal digits, which means that the
modulus must be at least 1024 bits.
 Example: Lab on 3.1
25
Short message attacks
• Known: Cipher text, RSA algorithm
• Unknown: plaintext, key
• Short message attack – if it is known that Alice
is sending a four-digit number to Bob, Eve can
easily try plaintext numbers from 0000 to
9999 to find the plaintext.
• Example: Lab 3.2 on short message attack
26
Optimal asymmetric encryption padding (OAEP)
• P = P1 || P2, where P1 is the masked version of the
padded message M; P2 is sent to allow Bob to find the
mask
• Encryption
– Pad the plaintext to make m-bit message M, if M is
less than m-bit
– Choose a random number r of k-bits. (used only
once)
– Use one-way function G that inputs r-bit integer and
outputs m-bit integer. This is the mask.
– P1 = M  G(r)
– P2 = H(P1)  r, function H inputs m-bit and outputs
k-bit
– C = E(P1 || P2). Use RSA encryption here.
27
OAEP
• Decryption
– P = D (P1 || P2)
– Bob first recreates the value of r:
H(P1)  P2 = H(P1)  H(P1)  r = r
– Bob recreates msg:
G(r)  P1 = G(r)  G(r)  M = M
28
Timing attacks
• RSA fast-exponential algorithm uses
– only squaring if the corresponding bit in the
private exponent d is 0. requires shorter time to
decrypt.
– Both squaring and multiplication if the
corresponding bit is 1. requires longer time to
decrypt
• This timing difference allows Eve to find the
value of bits in d, one by one.
• Example: lab 3.3 timing attack
29
Digital Signature
• The sender uses a signing algorithm to sign the
message. The message and the signature are sent
to the receiver. The receiver receives the message
and the signature and applies the verifying
algorithm to the combination. If the result is true,
the message is accepted; otherwise, it is rejected.
30
Kerberos
• An authentication solution and a way to
manage keys in symmetric ciphers
• Will be discussed on Tuesday/Wednesday
31
IA resources and projects (1)
• SEED: Developing Instructional Laboratories for
Computer SEcurity Education @ Syracuse
University
http://www.cis.syr.edu/~wedu/seed/index.html
• SWEET: Secure Web Development Teaching
Modules @ Pace University
http://csis.pace.edu/~lchen/sweet/
• Security Injection@ Towson University
http://triton.towson.edu/~cssecinj/secinj/
32
IA resources and projects (2)
• National Initiative Cybersecurity Education
(NICE): http://csrc.nist.gov/nice/
• DETER Network Security Testbed
http://www.isi.deterlab.net/index.php3
• The Open Web Application Security Project
(OWASP)
http://owasp.com/index.php/Main_Page
33
Work on Labs II
From 10:45am-11:45pm
• 3.1 RSA encryption and attacks
• 3.2 RSA Short message attacks and padding
• 3.3 RSA timing attacks
• 5.1 Digital signature visualization
• 5.2 RSA signature
• 5.3 Attack on digital signature/hash collision
• 5.4 Digital signature (programming)
34